
PC compromised


Answers

  • I asked Linc to change the title.

    grep is your friend.

  • do you have shell access or just ftp?

    If you do you could run a diff against a clean copy.

    grep is your friend.
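
The diff against a clean copy suggested above, as an added example that is not part of the original thread. It assumes you have unpacked a pristine archive of the exact release you run into one directory and have the deployed tree in another; the function name and the `ignore` parameter are hypothetical.

```python
import hashlib
import os
import sys


def _digests(root, ignore):
    """Map each relative file path under root to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # Skip paths the caller listed (a trailing "/" means a whole directory).
            if any(rel == i or (i.endswith("/") and rel.startswith(i)) for i in ignore):
                continue
            if not os.path.isfile(full):  # broken symlinks, sockets, etc.
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            out[rel] = h.hexdigest()
    return out


def compare_trees(clean_root, live_root, ignore=()):
    """Return files that were modified, added or are missing in the live tree."""
    clean = _digests(clean_root, ignore)
    live = _digests(live_root, ignore)
    return {
        # Same path, different content: candidate for injected code.
        "modified": sorted(p for p in clean.keys() & live.keys() if clean[p] != live[p]),
        # Present only on the server: review every one of these by hand.
        "added": sorted(live.keys() - clean.keys()),
        # Shipped with the release but gone from the server.
        "missing": sorted(clean.keys() - live.keys()),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_trees.py CLEAN_DIR LIVE_DIR")
    report = compare_trees(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind.upper()}\t{p}")
    sys.exit(1 if any(report.values()) else 0)
```

Your own configuration, plugins and uploaded files will show up as "added"; pass them in `ignore` only after you have inspected them, since a directory excluded from the comparison is a directory nobody is checking.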

  • peregrine MVP
    edited November 2014

    @x00 said:
    I asked Linc to change the title.

    yes. but originally the title was "something about trojan" and Schryvers said he didn't edit the title to say hgtonight's email address.. that is the mystery, as to who changed the original title to hgtonight's email address, not who changed it to the current title "PC compromised."

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • cwsurf.de is a free host, so it can be used for malicious payload.

    grep is your friend.

  • I'm uploading my entire backup from last week (2.1.3)

    hoping the message gets out of my html... then updating back to 2.1.5

    let's hope it's that easy.

  • x00 MVP
    edited November 2014

    @Schryvers from my experience not. If you replace the payload you may not get rid of the exploit.

    The most frustrating one is where one of the people with access is compromising the site, or you have an OS-level exploit on your server.

    You could have had files infected locally, then you uploaded them yourself. Or in transit, such as a compromised FTP client.

    Who else has access to your server? Also make sure your host is up to date with the major security concerns like Heartbleed and Shellshock.

    grep is your friend.

  • @Schryvers as you did edit the first post it could have been accidental pasting.

    grep is your friend.

  • god in hell, what a debate! ;)

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • @peregrine said:
    but who edited it to hgtonight's email address is the big question.

    That was my bad.

    I edited his comment to have proper code formatting and one of my browser extensions seems to have put my email in the discussion title.

    Sorry for the confusion.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • peregrine MVP
    edited November 2014

    @phreak said:
    god in hell, what a debate! ;)

    greetz

    @hgtonight said:
    That was my bad.

    smatching are we :wink:

    cwsurf.de is a free host, so it can be used for malicious payload.

    maybe he needs a premium host :wink:

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • maybe he needs a premium host :wink:

    I'm not saying that is his host. It is the host of the payload of the script.

    grep is your friend.

  • @peregrine rofl, I had premium hosts way back in 1996. I thought, I wanna get rid of the banners, let's pay for what should be free in my opinion haha.
